3 Specification language requirementsHierarchybehavioral and structuralCompositional behaviorMust be “easy” to derive behavior from behavior of subsystemsTiming behaviorState-oriented behaviorclassical automata models are insufficientRequired for reactive systemsEvent-handlingExternal (caused by the environment) or internal events (caused by the system)No obstacles to the generation of efficient implementationsSupport for the design of dependable systemsUnambiguous semantics and capable of describing security and safety requirementsException-oriented behaviorNot acceptable to describe exceptions for every state

4 Synchronization and communication Verifiability ConcurrencySynchronization and communicationConcurrent actions have to be able to communicateVerifiabilityPresence of programming elementsProgramming languages have proven to be convenient for the expression of computationsClassical state diagrams do not meet the requirementExecutabilityThe possibility to execute a specification is a way for checking itSupport for the design of large systemsSoftware technologies has found object orientation mechanism for designing large systems

5 Domain-specific support Readability Portability and flexibilityLanguage feature dedicated to control/data-dominated or centralized/distributed applicationsReadabilitySpecification must be readable by the human beingPortability and flexibilitySmall changes of the system’s features should require small changes to the specificationNon-functional propertiesFault tolerance, size, expected lifetime, power consumption, electromagnetic compatibility, extendibility etc.TerminationSupport for non-standard IO-devicesAppropriate model of computationIt is obvious there will be no formal language meeting all these requirements. Compromises will have to be made.

6 A note on timing: Problems with classical CS theory and von Neumann computing“The lack of timing in the core abstraction is a flaw, from the perspective of embedded software, …”Ed Lee, Absolutely Positively on Time, IEEE Computer, July 2005.“Timing is everything”Frank Vahid, WESE 2008Even the core … notion of “computable” is at odds with the requirements of embedded softwareIn this notion, useful computation terminatesIn embedded software, termination is failureSubcomputations must terminate with predictable timing“What is needed is nearly a reinvention of computer science”

7 General language characteristicsSynchronous and asynchronous languagesLanguages based CFSMs and sets of processes (ADA, Java) are non-deterministic, since the order in which executable processes are executed are not specifiedSynchronous languages avoid non-determinism: Esterel, Lustre, StateChartsProcess conceptsNumber of processes can be either static (e.g. StateCharts) or dynamicProcesses can be statically nested or declared at the same levelTechniques for process creation existConcurrent process model

8 General language characteristicsSynchronization and communicationShared memory – all variables can be accessed from all processesMessage passing – messages are sent/received just like mails over the Internet. Generally slower.Specifying timing. Four requirements:Access to a timer – a means to measure elapsed timeMeans for delaying a process (e.g. “wait for” in VHDL)Possibility to specify timeouts (e.g. StateCharts allows timeouts)Methods for specifying deadlines and schedulesUsing non-standard IO/devicesE.g. ADA allows variables to be mapped to specific memory addresses

10 Harel StatechartsIntroduced by David Harel in provide compact and expressive visual formalisms for reactive systems.What are Statecharts?Viewed as both model and graphical specification language.Describe communicating finite state machines - Visual formalism for describing states & transitions in modular fashion.What is the purpose of using Statecharts?To suppress and organize detail.Best if graphical. The clarity they provide can be lost if they are represented in tabular form.Allows the super states to have history. History is helpful for back-up, if system fails.The Harel statechart is equivalent to a state diagram but it improves the readability of the resulting diagram.It can be used to describe many systems, from computer programs to business processes.

11 Harel StatechartsThey are directed graphs and used to describe the behaviour of an object. The vertices are the states an object can reach. Edges are changes of the state, the so-called transitions.Statecharts based on a generalization of the concepts of FSMs. It’s considered that the computing power of statecharts is the same as that of Finite State Machines.Recent paper argues that the computation power of statecharts is far beyond that of Finite Automata and that Interaction Machines are the most accurate theoretical models for statechartsUsed as a modeling tool and adopted by Unified Modeling Language (UML) as an important technique to model the dynamic behavior of systems.

12 State-Transition Diagram vs. StatechartFG/A E/ BSSEEFFUG/AE/BUFTTG/AG/AState-transition diagramStatechartThe statechart reduces the number of transitions when compared to STD.G/A represents that for event G action A takes place.S & T are combined together into a super-state F (OR- property of the statechart)

14 Statecharts development2 Types of statechart developmentHarel StatechartsDeveloped by David Harel.First developed for function-oriented systems.Later extended for OO systems with few changes.UML StatechartsDeveloped by Object Management Group (OMG).Extended the properties of Harel statecharts with some new features.

16 Example: Equivalent STDIf there are n states in one side of the dashed line in a super-state and m states in the other side, then the total number of maximum states in the equivalent state-transition diagram will be the product m*n.U_XV_YU_YV_WU_WV_XAGJEKF

17 1. Decomposition: OR-State, AND-stateA superstate may be decomposed into any number of OR-states. When the object is in the superstate, it must be in exactly one of its OR-substates.S is decomposed into X & Y. At any given time S will be either in X or Y but not both.The default start state in S is X. t1 & t0 are the events depending on which the S will be in either X or YXYt1t0SOR StateZSRYXt6t0t1t3AAND StateBCA superstate may be decomposed into any number of AND-states. When the object is in the superstate, it must be in every active AND-substates (shown with dashed lines).C is the superstate formed by the AND product of A & B.X & R are the default initial states of A & B respectively. When the system enters C it will be present in both X & R at the concurrent time.

18 2. Clustering & RefinementClustering is a bottom-up concept & refinement is a top-down one; both give rise to the OR-relationship between a state’s sub-states.Reduces the number of transitions in a statechart.Superstate R & T can be extended if needed in order to view the sub-states and their internal transitions, which is called refinement.STUG/AEFE/BSimple State DiagramClustering of StatesAStates S & T are clustered into a single super-state A.Expanding A & showing its sub-states is refinement.

19 3. HistoryHistory (H), in a statechart gives the most recently visited state of the super-state that it is entering.Shallow History (H): Represents the most recently entered state at the same level.Deep History (H*): Represents entering the most recently visited state irrespective of how deep the state is.History is “forgotten” if dead has been entered in the meantime.

20 H – History chooses between G & F. H remembers between A,B,C,D,E. H remembers the last sub-state (both history and sub-states should be at the same level) the system left.H* - System will enter the most recently visited state (A-E)H* remembers the last sub-state the system left, irrespective of how deep it may be when considered with the history state.B & C are the default initial states for G & F.H/H*ABCEDGKF

21 4. Orthogonality 5. Overlapping statesReduces the number of states.Viewed as the AND product of two states (consisting of sub-states) which gives a certain kind of synchronization.Generalization of the usual product of automata with some dependence between components (like common events or conditions).Overlapping statesA state which is present in both the super-states.Overlapping states removes redundancy.Turns XORs state machine into ORs.Causes semantic problems especially when the overlapping involves orthogonal components.

22 Sub-state “C” is present in both A & D, i. eSub-state “C” is present in both A & D, i.e. the relation between A & D is OR.Too much of overlapping should be avoided as it leads to unnecessary burden & complexity.BACEFDab

23 6. Delays & Timeouts (event, number)Represents the event that occurs precisely when the specified number of time units has elapsed from the occurrence of the specified event.Has lower bound and upper bound attached to each of the timeouts and events.Lower Bound: If events are to cause exits, events do not apply in the state until the lower bound is reached.Upper Bound: The event has to take place in that time.

24 7. Conditions & Selection Entrances (C & S)Condition (C): Upon the entrance of the super-state a condition is checked and the transition is made to one of the sub-states in the super-state.Selection (S): The transition is made depending on a generic value of the input rather than the condition.

25 Conditions & Selection Entrances (C & S)C represents the conditions.The state entered depends on whether C evaluates to P, Q or R and states reached will be Z, X, Y respectively.On entering the super-state, which state (whether X,Y,Z) to enter depends on the what the condition C evaluates to.aYXZCRPQACBSData EnteredResetExecuteSet_upThe decision to enter one of the three states, A, B, C depends on what will be the generic value of S.

26 More properties8. Harel statechart is a mix of Mealy and Moore state machines and flowchart.9. Fork & merge (see figure).10. Broadcast feature in statecharts.ABCDEFE1/A1E2/A2

27 Shortcomings of Harel StatechartsSemantics: How to represent?No specified approach.Many papers published, each having one flaw or other, none giving the complete formal semantics.Harel introduced STATEMATE CASE tool to deal with this but that paper too had one debatable topic.Notion of timeAssumption: Transitions take zero time (not possible for RT systems).No way to tell whether how long the system can stay in a particular state.DeterminismWhat should be done in case an event may result in multiple transitions each leading to a different state?Which one of the transitions must have precedence over others?Leads to non-deterministic situation.Race condition: What will be the resulting value?Non-determinism of statechart may result in race condition for the system.Multiple transitions on multiple states may occur for the same event, and may attempt to modify the same value.

28 Shortcomings: non-determinismPriority should be given to transitions so as to eliminate the non-determinism.On entry into the superstate S, both the sub-states are traversed concurrently.When the system exits S, it is not sure what the values of X & Y will be, it depends on which one of the events triggered first (i.e., if E in S1 is triggered first then the values of X and Y both will be 1, else X will be assigned to 1 and the value of Y depends what X was prior to being assigned 1).This leads to non-determinism in the system.S11S12S22S21E/X=1E/Y=XS1S2S

29 Shortcomings: race conditionRace Situation: What is the value of X after state “S” is exited?There is race condition in the system. The value of X depends on which of the events i.e. E in S1 or E in S2 triggered last.S11S12S22S21E/X=1E/X=2S1S2S

30 Shortcomings of Harel StatechartsInfinite loops:Doesn’t define the property of consistency check in its model.The flaw in the design may lead to infinite loop while the system is being designed.Inconsistency in free transitions:Inconsistency when an exit transition leaving a composite boundary happens to be an unlabelled transition.Statecharts do not support any dynamic semantics to cover their precise behavioral aspects.

31 ConclusionStateCharts’ main application domain is that of local, control-dominated systems.Key advantage is the property of nesting hierarchies.Examples of tools based on StateCharts: StateMate, StateFlow, BetterState. Many can translate StateCharts into equivalent C or VHDL, from which hardware can be synthesized.

35 UML statecharts Harel statecharts are the basis for UML statecharts.Harel statecharts were mainly designed for function-oriented structured analysis design techniques, later extended for OO technology.Statecharts were introduced in UML with modifications in the semantics and some in-build terminology.

37 UML Statecharts: PropertiesObject Behavior:An object can be in different states depending on the present value of the variables and data types it has.The object behavior can be represented in three different types:Simple behavior: Doesn’t depend on history of the previous inputs or services. E.g. simple mathematical functions.State behavior: The entire system or space is divided into states.Continuous behavior: Depends on object’s time history.2. Delays & Timeouts:Statechart transitions are modeled to take insignificant amount of time.A guard and a trigger represent a transition. They are of two types of triggers:Named Trigger: Results in transition.Null transition: Evaluated only once upon entrance to the source state.Assumption: Evaluation of conditions, guards and triggers takes zero amount of time.Timeouts are there in UML statecharts.

38 Null transitionNull Triggered transition G is implemented immediately after Start() & Execute(). If g evaluates to false then the only way it will ever be evaluated is if event R occurs retriggering the null-triggered transition.SEntry / Start()Do / Execute()TE[G]

39 UML Statecharts: Properties3. UML statecharts define 4 types of events:Signal: Event due to extended asynchronous process.Call: Execution of an operation within the object.Change: Change in value of an attribute.Time: Lapse of a time-interval.Message passing between different diagrams5. Priority given to transitions with the innermost source state.ABB1Enter: f(a)Exit: g()Enter: x()Exit: y(a, b)First y(a, b)then g()First f(a) isthen x()Execute from outermost first – for entryExecute from innermost first – for exit

40 UML Statecharts: Properties6. Actions and Activities:Activities: Performed as long as the state is active, interpreted and terminated by the receipt of an incoming event.Actions: Usually short, non-interruptible behavior while activities longer, interruptible behavior.7. Fork & Join in UML.8. Two different kinds of state machine formalisms:Statechart Diagrams: Used when state transitions takes place when an event of interest occurs.Activity diagrams: Changes state primarily upon completion of the activities executed.9. UML statecharts have some dependence on abstract state machines along with Mealy’s. Harel statecharts are mainly based on Moore’s10. Events can carry parameter, which Harel’s statechart doesn’t support.11. Conditional guards.12. Guards & explicit state machines.OffOnOnButtonPushed [Guard Condition] /Action:= Start();ControlPanel.UpdateState(Start)Message: OnButtonPushedGuard: Guard ConditionAction: Start() [Internal Action]ControlPanel.UpdateState(Start) [External Action]

41 UML Statecharts: Properties13. Pseudostates.A kind of state vertex in the UML metamodel that represent transient points in transition paths within a state machine.Vertical bars indicate where concurrent behavior begins or ends (called pseudostates)E.g. Start state, Terminal state, Connectors etc.14. Synch PseudostateAllows a special kind of guard in which a “latch” remembers that a specific transition has occurredSimilar to Petri net “place” with explicitly indicated capacityMust synchronize across AND-StatesGC1D2D1C2BAD3E1/A1E2/A2FCSynch PseudostatePseudostates

43 Shortcomings of UML statechartsNo discussion of extension mechanisms of statechart diagrams.Do not support overlapped states:But the same functionality can be achieved without the use of overlapped states, though overhead involved to design it increases .Boundary crossing violates encapsulation:Boundary crossing (supported by UML) is the practice, which violates the encapsulation of hierarchical states machines.Non-determinism:UML’s reversed priority rule for resolving inter-level concurrency conflicts introduces non-determinism in the outer state machine.Representation of states:UML statecharts can properly represent only one distinct accept state in a sub-state machine.Exit Paths:In UML all the exit paths are subsequently merged in the single completion transition leaving the composite state boundary.

46 Conclusion MoC: FSM + shared memoryUse of Harel statecharts or UML statecharts depends on the requirements for the design of the system.Systems which have synchronization as their main issue can be well-designed if they used UML statecharts.UML statecharts are widely used due to popularity, & number of tools in market that support UML statecharts.

49 STATEMATE systemA graphical working environment developed by Harel to address the semantic shortcomings of statecharts.Has one debatable topic.Whether changes (generated events and/or updates to values of variables) should be considered to take place in the current step or in the next one.Harel’s decision was to adopt the latter one.Enables user to prepare, analyze, & debug diagrammatical description of the system under development.It provides a direct and formal link between user requirements and software implementation.Creates a visual, graphical specification that clearly and precisely represents the intended functions and behavior of the system.This specification may be executed, or graphically simulatedUses:Military and AerospaceAutomotive Manufactures and SuppliersMedical ElectronicsRailway Systems

50 STATEMATE system Model-based approach Modeling languagesStatemate enables a model-based approach allowing errors to be detected and corrected earlier in the process.Statemate is focused on enabling the system engineer to create formal requirements and an executable specification while generating system, integration and unit tests.Modeling languagesThe modeling language is based on standard engineering diagrams.The three views of the system model are described:Structure: Module-chartsFunctionality: Activity-chartsBehavior: Statecharts

52 Module-charts Can be regarded as a certain kind of data-flow diagram.Describe the modules that constitute the implementation of the system, its division into hardware and software blocks and their inner components, and the communication between them.E1SharedDataE2E4E3CC1C2BAEnvironmentmoduleStorageSub-modulesModules

53 Activity-chartsActivity-charts can be viewed as multi-level data-flow diagrams.Capture functions, or activities, as well as data-stores, all organized into hierarchies and connected via the information that flows between themThe internal description of the control activity is given by the statecharts.CDHKS2S1ABE1E2E3ExternalactivitySub-activityControl activityFlow ofcontrol itemdata item

54 Activity-Chart: Mobile Phone SystemClient_Input_Panel, Server_Consol, Display, Call_Output, User_Account – External activities of the system. These tasks are performed not by the systems but by other factors like operator entering the data etc.Client, MSC server, BS server – Internal activities of the system. They accept the input from the external activities and perform the required functions. The task may be assigning port# to the client, receiving and sending of frames etc.Mobile_Client_Control, MSC_Control, BS_Control – Control activity of the system. There behavior is explained in the statecharts.

55 Statechart of Client: Mobile Phone SystemThe figure shows the control behavior of Mobile_Client_Control (present in the previous slide).Shows the entire cycle of how client initiates a call, connects to the number he dialed, and all the operation until he has hung up the phone from the client’s perspective.The data on the transitions gives the various guard conditions and actions that take place upon when the condition evaluates to true. The data in “[]” represents the guard conditions and the functions after the “/” represents the actions.The default entry state is: The client is Idle.

56 Statechart of MSC: Mobile Phone SystemThe figure shows the control behavior of MSC_Control (present in the Activitychart slide).Shows the entire cycle of how MSC server listens to a request form the client.If the MSC server has a free port#, it assigns it to the client and listens on that port.As and when the client hangs up the phone, the MSC server closes that socket connection and assigns it to new one as the request from client is received.

57 Statechart of BS: Mobile Phone SystemThe figure shows the control behavior of BS_Control (present in the Activitychart slide).The figure shows the super state BS_Listening. This checks the conditions that the client is receiving a frame from BS every 50ms.Once the connection has been established the messages are sent to-and-fro between the client BS-Control and client.

58 STATEMATE simulationStatemate model is a formal model that can be simulated and automatically translated into code.System behavior is validated as an integral part of the design process before anything is built.Statemate simulator can provide traditional debugging: monitors, and debugger windows. This allows the user to analyze the specification in order to ensure that its behavior is correct and to capture the test data that will be used later to test the implementation.The Statemate system can generate high quality C code for software developer, and VHDL/Verilog code for hardware engineers.The software creates a virtual prototype for operation on a workstation or PC, or code that runs on the target testbench system.

61 Specification and Description Language (SDL)Designed to model distributed systemsDates back to early 70sFormal semantics defined in the late 80sDefined by ITU (International Telecommunication Union): Z.100 recommendation in Updates in 1984, 1988, 1992, 1996 and 1999Based on asynchronous message passingProvides both textual as well as graphicalProcesses (represent extended FSMs) are the basic elementsProcesses can perform operations on dataContains programming language elements such as procedures

63 Operations on dataVariables can be declared locally for processes. Their type can be predefined or defined in SDL itself. SDL supports abstract data types (ADTs). Examples:

64 Communication among SDL-FSMsCommunication between FSMs (or “processes“) is based on message-passing, assuming a potentially indefinitely large FIFO-queue.Each process :fetches next entry from FIFO,checks if input enables transition,if yes: transition takes place,if no: input is ignored

65 Deterministic?Let tokens be arriving at FIFO at the same time: Order in which they are stored is unknown.All orders are legal: simulators can show different behaviors for the same input, all of which are correct.

66 Process interaction diagramsInteraction between processes can be described in process interaction diagrams (special case of block diagrams). In addition to processes, these diagrams contain channels and declarations of local signals. Example:

67 Hierarchy is SDLProcess interaction diagrams can be included in blocks. The root block is called system.Processes cannot contain other processes, unlike in StateCharts.

73 ConclusionMoC: finite state machine components + non-blocking message passing communicationSDL is excellent for real-time, interactive and distributed systemsNot necessarily deterministicReliable implementations require the knowledge of a upper bound on the FIFOs lengthTimer concept is sufficient for soft deadlines but not for hard deadlinesHierarchies are supportedNo full programming support, no description of non-functional propertiesCommercial tools: SINTEF, Telelogic, CinderellaBecoming less popular

76 SystemC: MotivationMany standards (e.g. the GSM and MPEG-standards) are published as C programsStandards have to be translated if special hardware description languages have to be usedThe functionalities of systems are provided by a mix of hardware and software componentsSimulations require an interface between hardware and software simulators unless the same language is used for the description of hardware and softwareAttempts to describe software and hardware in the same language.Various C dialects used for hardware description

82 SpecCSpecC is based on the clear separation between communication and computation. Enables plug-and-play for system components; models system as hierarchical networks of behaviors communicating through channels.SpecC specifications consists of behaviors, channels and interfaces.Behaviors include ports, locally instantiated components, private variables and functions and a public main function.Channels encapsulate communication. They include variables and functions, used for the definition of a communication protocol.Interfaces are linking behaviors and channels together. They declare the communication protocols which are defined in a channel.

88 Entities and ArchitecturesEach design unit is called an entity.Entities are comprised of entity declarations andEach architecture includes a model of the entity. By default, the most recently analyzed architecture is used. The use of another architecture can be requested in a configuration one or several architectures.

94 Wait statements Four possible kinds of wait-statements:wait on signal list;wait until signal changes;Example: wait on a;wait until condition;wait until condition is met;Example: wait until c='1';wait for duration;wait for specified amount of time;Example: wait for 10 ns;wait;suspend indefinitely

95 Sensitivity ListsSensivity lists are a shorthand for a single wait on-statement at the end of the process body: process (x, y) begin prod <= x and y ; end process; is equivalent to process begin prod <= x and y ; wait on x,y; end process;

97 Verilog HW description language competing with VHDL Standardized:IEEE (Verilog version 1.0)IEEE (Verilog version 2.0)Features similar to VHDL:Designs described as connected entitiesBit-vectors and time units are supportedFeatures that are different:Built-in support for 4-value logic and for logic with 8 strength levels encoded in two bytes per signal.More features for transistor-level descriptionsLess flexible than VHDL.More popular in the US (VHDL common in Europe)

101 Other languages/environmentsSCE (ESE is a toolset for modeling, synthesis and validation of multi-processor embedded system designs):SPARK (C-to-VHDL high-level synthesis framework):SpecCharts: Combination of StateCharts and VHDL; designed by Gajski et al. (UC Irvine)MATLAB (Matrix Laboratory): facility for defining matrix-based computations, extending numerical FORTRAN packages LINPACK and EISPACK with a GUISimulink: GUI-based specification of control systems, uses MATLAB for solving these problems.Esterel: reactive language; synchronous; all reactions are assumed to be in 0 time; communication based on instantenous broadcast;